technically, you are correct, but in practice doing that is a nightmare for a number of reasons.
one being that the format of the ses_* files created in the session.save_path is known to change from version to version of php, even in minor version updates.
In some instances, the php server may be configured to persist session data in memory, therefore, wont create the ses_* files.
In any case, this is not functionality supported by security assist.